Wall of Shame: The Top Cause of Breaches Since Omnibus

The year 2013 was a pivotal time for the healthcare industry. Bioengineering developments reached new heights with emerging technologies such as electronic aspirin and a transcatheter aortic heart valve that provides an alternative to open-heart surgery.

And then there was HIPAA's omnibus rule. The rule extended HIPAA requirements to healthcare organizations' service providers, strengthened requirements for data protection and privacy practices, gave individuals more rights for obtaining access to healthcare records and increased maximum penalties for noncompliance.

Data Breaches Since Omnibus

Since omnibus went into effect, the number of organizations that have made the Department of Health and Human Service’s (HHS’s) "wall of shame" — the moniker given to the public, legally required listing of breaches affecting 500 or more individuals — has skyrocketed.

According to data we exported from HHS, 1,186 organizations have found themselves in HIPAA's bad graces during the time span of January 2013 to December 2014. Of the top 10 largest breaches, 70 percent were due to the loss or theft of information stored on backup tapes, servers, drives, desktop computers, laptops and other media.

Staying Compliant

Omnibus doesn't always offer prescriptive recommendations for avoiding breaches. However, healthcare providers can learn from the mistakes of others and take precautions to remain compliant, avoid fines, and most importantly, protect their patients' information.

Below are a few examples of solutions we recommend for healthcare providers looking to combat common breach causes:

We also encourage healthcare organizations to make sure any business continuity and disaster recovery vendors they consider working with have completed a third-party audit that meets regulatory standards, such as the Service Organization Controls 2 audit.

Ultimately, by taking proactive measures against security breaches, you can lessen your odds of landing a spot on the wall of shame.